← Back to exam page

312-50v13 Certified Ethical Hacker Exam (CEHv13)

Loading demo links...

Showing 13–15 of 20 questions

Question 13 (Exam Pool C)

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

Select an option, then click Submit answer.

  • Xmas scan
  • IDLE/IPID header scan
  • TCP Maimon scan
  • ACK flag probe scan
Question 14 (Exam Pool C)

As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

Select an option, then click Submit answer.

  • Use symmetric encryption with the AES algorithm.

    The encrypted email and the encrypted symmetric key are then sent to the recipient.
    • The sender also generates a digital signature for the email, using their private key and a hash function, such as SHA-256, which is a secure and widely used algorithm for generating hashes. A hash function is a mathematical function that takes any input and produces a fixed-length output, called a hash or a digest, that uniquely represents the input. A digital signature is a hash of the email that is encrypted with the sender’s private key, using RS
    The digital signature is then attached to the email and sent to the recipient.
    • When the recipient receives the email, they first decrypt the symmetric key with their private key, using RS
    They then use the symmetric key to decrypt the email content, using AES. They also verify the digital signature by decrypting it with the sender’s public key, using RSA, and comparing the resulting hash with the hash of the email, using the same hash function. If the hashes match, it means that the email is authentic and has not been tampered with.
    Using this technique, the email communication is secure because:
    • The confidentiality of the email content is ensured by the symmetric encryption with AES, which is hard to break without knowing the symmetric key.
    • The symmetric key is also protected by the asymmetric encryption with RSA, which is hard to break without knowing the recipient’s private key.
    • The non-repudiation of the email is ensured by the digital signature with RSA, which is hard to forge without knowing the sender’s private key.
    • The digital signature also provides authentication and integrity of the email, as it proves that the email was sent by the sender and has not been altered in transit.


    References:


    • How to Encrypt Email (Gmail, Outlook, iOS, Yahoo, Android, AOL)
  • Use the Diffie-Hellman protocol for key exchange and encryption.
  • Apply asymmetric encryption with RSA and use the public key for encryption.
  • Apply asymmetric encryption with RSA and use the private key for signing.
Question 15 (Exam Pool A)

What is a NULL scan?

Select an option, then click Submit answer.

  • A scan in which all flags are turned off
  • A scan in which certain flags are off
  • A scan in which all flags are on
  • A scan in which the packet size is set to zero
  • A scan with an illegal packet size